CVE-2021-32772

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-32772
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32772.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32772
Related
  • GHSA-wjmh-9fj2-rqh6
Published
2021-08-03T15:15:08.503Z
Modified
2025-11-14T11:56:07.792452Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allows the injection of HTML and JS code (cross-site scripting). Being an application made in electron, cross-site scripting can be scaled to remote code execution, making it possible to execute commands on the machine where the application is running. The vulnerability is patched in Poddycast version 0.8.1.

References

Affected packages

Git / github.com/mrchuckomo/poddycast

Affected ranges

Type
GIT
Repo
https://github.com/mrchuckomo/poddycast
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d31daa5cee04a389ec35f974959ea3fe4638be9

Affected versions

v0.*

v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.8.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32772.json"